Due to insufficient checking of privileges, it is possible to access the OTRS Install dialog of an already installed instance, which enables an authenticated attacker to change the database settings, superuser password, mail server settings, log file location and other parameters. Versions affected include OTRS 5.0.x, OTRS 4.0.x, and OTRS 3.3.x.
21f3598970b7ae6cfb31cada4cccc9ed918166bc63d7eb4d159c64b23c2c0334
Zero Day Initiative Advisory 12-090 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficiently filtered user-supplied data used in a call to exec() in multiple script pages. The affected scripts are located in '/spywall/ipchange.php' and 'network.php'. There is also a flaw in '/spywall/download_file.php' that allows unauthenticated users to download and delete any file on the server.
27dcc990753c286009309447bb9c72ba6733589421579106d30bc8c69f3a95ef
CA Technologies Support is alerting customers to a potential risk with CA ARCserve Backup for Windows. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. CA Technologies has issued fixes to address the vulnerability. The vulnerability occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.
f6cc7aa2a2c098a2e8ed419d61aa4d65e98cc20b7bdc4c73e4cfe07ba7fc117b
Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstart handles the 'java-vm-args' parameter in the j2se tag within a jnlp file. Due to insufficient sanitation it is possible to add additional double quotes to the commandline argument string used to start a new java process. This can lead to remote code execution under the rights of the current user.
d94a0659bb3d5751620c9a917bb3a7a6afb99e1f7b7888ddcbff44a739da4dbd
CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser.
5f7582e4c67739253ed079afcbce2912fb91b1a5d275896bcb931df277369cf8
CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. Remediation is available to address the vulnerability. The vulnerability occurs due to insufficient bounds checking. A remote attacker can send a SNMP packet that can cause a crash.
2504afdbecc5337cc2f3bedfcdb2f35357e06e9213344c8bb32f8190347818d5
Zero Day Initiative Advisory 11-306 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles IIOP deserialization. Due to insufficient type checking it is possible to trick java into allowing access to otherwise protected and private fields in built-in objects. This could be used, for example, to disable to security manager normally in place for applets. This leads to remote code execution under the context of the current user.
361a262ae72479a4afab85c66c4c74c4946348a51ecd9466a86252761ade0d32
Zero Day Initiative Advisory 11-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe 2D.x3d PICT image parsing routines. When Adobe Reader parses an PICT image it uses a static buffer to store certain image header values. Due to insufficient checks for the end of the buffer it is possible to write outside the stack buffer. The resulting stack overflow could result in remote code execution under the context of the current user.
5dc9c58b3cea78921a78163458edd743c68322a03eaccfabc9a632cc1d2e2788
CA Technologies support is alerting customers to a security risk with CA Gateway Security. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an update that resolves the vulnerability. The vulnerability occurs due to insufficient bounds checking that can result in a memory overwrite on the heap. By sending a malformed request, an attacker can overwrite a sensitive portion of heap memory, which can potentially result in server compromise.
129765a243cc9461d666229b218c140b7dd2b2170b92ae5385206f75be6ce569
Zero Day Initiative Advisory 11-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java webstart parses certain properties from the jnlp file. Due to insufficient quote escaping it is possible to supply additional command line parameters to the java process. By crafting such parameters, an attacker can execute remote code under the context of the user running the process.
a404173fec0adb72b54fdaa57ab9e6ee4ac25a73fd950400775c364b24259cc3
CA Technologies support is alerting customers to a security risk with CA eHealth. A vulnerability exists that may potentially allow an attacker to compromise web user security. The vulnerability occurs due to insufficient validation of sent request parameters. An attacker, who can convince a user to follow a carefully constructed link or view a malicious web page, can conduct various cross-site scripting attacks. Versions 6.0.x, 6.1.x, 6.2.1, and 6.2.2 are affected.
59491a8e54f0e3980dff181e854aac91f5f99b5bc0eb81ce1a280219f8dbd3da
CA Technologies support is alerting customers to multiple security risks with CA Arcot WebFort Versatile Authentication Server. Two vulnerabilities exist that can allow a remote attacker to potentially compromise web user security. The first set of vulnerabilities occur due to insufficient handling of request parameters sent to the Arcot Administrative Console. An attacker, who can convince a user to follow a URL or view a webpage, can potentially conduct cross-site scripting attacks. The second vulnerability occurs due to insufficient filtering of a request parameter sent to the Arcot Administrative Console. An attacker, who can convince a user to follow a URL or view a webpage, can use redirection to potentially carry out additional web based attacks.
b7f2426e298629c164af95d01b3886396dbdea3a03957d1a67ef5c0aac369b16
CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities are due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability is due to insufficient protection of sensitive information. A remote attack can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server.
9697f3a718cfbc9df64ba14c7c65ce50a6f140e9f9064d6822691eb7e5a4adcc
Libmodplug library is prone to a stack based buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious S3M media files. Version 0.8.8.1 is affected.
3b492361b42a31322dd539245a7c64c4f1cbf45a7f989edecf307ed261a181bd
Zero Day Initiative Advisory 11-083 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw is due to insufficient defenses against system clipboard hijacking. When in focus, a handle to the system clipboard can be retrieved without user interaction by a malicious component. The clipboard can then be arbitrarily read from or written to. By writing a TransferableProxy object to the system clipboard and then forcing a paste action, arbitrary code can be executed under the context of the user invoking the JRE.
4c46b3ec192f1d813df40166389dd74826a1e212deec18e5d0c463478a0543f9
It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied data when processing OMP requests. It has been identified that this vulnerability allows privilege escalation within the OpenVAS Manager but more complex injection may allow arbitrary code to be executed with the privileges of the OpenVAS Manager on vulnerable systems.
465e38dd18df584bf3d5f7eda261e4615381784ac40a6d293ea96a4cc69f27a3
Zero Day Initiative Advisory 10-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Sharepoint Server utilizing Microsoft's Office Document Load Balancer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Office Document Conversions Launcher service and occurs due to insufficient parameter validation on a particular SOAP request. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server.
322eede1474adc2826f89bd0a74b567d46dfc161c36ec6602672c779b8c0671e
CA Technologies support is alerting customers to a security risk with CA XOsoft. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued a patch to address the vulnerability for each affected release. The vulnerability is due to insufficient bounds checking with a SOAP request. A remote attacker can make a SOAP request to cause a buffer overflow and potentially compromise the system.
9d039f55b21c958375378d4ba47477b52c27a168b01375bd467fcfa9414e7265
A memory corruption vulnerability exists in Adobe Shockwave Player while parsing crafted Adobe Director files (.dir or .dcr), that may lead to arbitrary code execution. The vulnerability is due to insufficient validation of certain fields while parsing 'pamm' chunk data. An attacker can leverage this vulnerability to write data to an attacker-controlled memory location. Successful exploitation could allow for the execution of arbitrary code within the security context of a target user. Adobe Shockwave Player versions 11.5.8.612 and 11.5.7.609 are affected.
52321373bf2a0653fb086d290321ba798dc5e0c8bffe3c1b5a613be0afe0213f
Mandriva Linux Security Advisory 2010-208 - It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service.
2dcc45f1140e070e5166be26b8d3ee85ca8334858f66c04bf67550e965a60fef
iDefense Security Advisory 06.21.10 - Remote exploitation of a stack buffer overflow vulnerability in version 3.9.2 of LibTIFF, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is due to insufficient bounds checking when copying data into a stack allocated buffer. During the processing of a certain EXIF tag a fixed sized stack buffer is used as a destination location for a memory copy. This memory copy can cause the bounds of a stack buffer to be overflown and this condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in version 3.9.2 of libTIFF. Previous versions are not affected.
014d43587d44901b7350126457fa46e3ddd7be36fcae7a02d6977373e2a71713
Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to insufficient input validation when parsing a certain record type. This may lead to a variety of errors, including corruption of data on the stack. Successful exploitation may allow execution of arbitrary code. Microsoft Excel 2002 is affected.
3317b05f07d3375ba69a0a88550df747e13c68c010f5503c80c416ee969ba63a
VMware Security Advisory - A cross-site scripting vulnerability in WebAccess allows for disclosure of sensitive information. The flaw is due to insufficient verification of certain parameters which may lead to redirection of a user's requests. This vulnerability can only be exploited if the attacker tricks the WebAccess user into clicking a malicious link and the attacker has control of a server on the same network as the system where WebAccess is being used.
85919e5b4cda7ee681c52ebaf6b744efd4562b046b0744f8b117c70cc911302f
Debian Linux Security Advisory 2009-1 - It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitizing in the TrackBack transmission plugin.
cdca26ab67f9ac1397b3b3bac93f82b4d5e9f6681824ba915f69fb788823a63a
Zero Day Initiative Advisory 10-03 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficient sanity checks on the documentID parameter to the docfiledownload component. A carefully crafted parameter can result in direct SQL access to the underlying SQL Server database which can be further leveraged by an attacker to potentially execute arbitrary code.
dbed8d04e273771933d3b4da838a3a601689977a848150c4023cb76a10ddc0a5
Alt-N SecurityGateway is prone to a buffer overflow condition. This is due to insufficient bounds checking on the "username" parameter. Successful exploitation could result in code execution with SYSTEM level privileges. NOTE: This service doesn't restart, you'll only get one shot. However, it often survives a successful exploitation attempt.
ff81f757d0ee734b80216662fed47c56e6a92afa7502822354ef61533ab501d3